Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.212.175 as permitted sender)
	client-ip=209.85.212.175; envelope-from=mh.in.england@gmail.com;
	helo=mail-wi0-f175.google.com; 
MIME-Version: 1.0
Sender: mh.in.england@gmail.com
In-Reply-To: <54E8AC69.4000102@gmail.com>
References: <CALqxMTE2doZjbsUxd-e09+euiG6bt_J=_BwKY_Ni3MNK6BiW1Q@mail.gmail.com>
	<CANEZrP32M-hSU-a1DA5aTQXsx-6425sTeKW-m-cSUuXCYf+zuQ@mail.gmail.com>
	<CAAS2fgSEqYNiGFk0pZ-hT_0zR7_Nh1OUvyfFd-DE=a-cdzgWwQ@mail.gmail.com>
	<CANEZrP21+0kLCX2sanFYFKEQj4iGgMmmA5sc3k_y+mpx9WC09A@mail.gmail.com>
	<54E8AC69.4000102@gmail.com>
Date: Sat, 21 Feb 2015 17:47:43 +0100
Message-ID: <CANEZrP2iPRA_mSXqdzXBxiNZ=aJEEfTaG5DL5Bg0zPGPhkkhPw@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Chris Pacia <ctpacia@gmail.com>
Content-Type: multipart/alternative; boundary=047d7bb7092c8e1ec0050f9bed38
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] bloom filtering, privacy
Precedence: list

--047d7bb7092c8e1ec0050f9bed38
Content-Type: text/plain; charset=UTF-8

>
> Adam seems to be making sense to me. Only querying a single node when an
> address in my wallet matches the block filter seems to be pretty efficient.
>

No, I think it's less efficient (for the client).

Quick sums:  blocks with 1500 transactions in them are common today. But
Bitcoin is growing. Let's imagine a system 10x larger than today. Doesn't
seem implausible to reach that in the next 5-10 years, so 15,000
transactions. Each transaction has multiple elements we might want to match
(addresses, keys, etc).

Let's say the average tx contains 5 unique keys/elements. That's the base
case of {1 input, 2 outputs} without address reuse, plus fudged up a bit
for multi-sends then down a bit again for address reuse.

15,000*5=75,000 unique elements per block. With an FP rate of 0.1% we get:

http://hur.st/bloomfilter?n=75000&p=0.001

131.63KB per block extra overhead.

144 blocks in a day, so that's 18mb of data per day's worth of sync to pull
down over the network. If you don't start your wallet for a week that's 126
megabytes of data just to get started.

Affordable, yes (in the west). Fast enough to be competitive? Doubtful. I
don't believe that even in five years mobiles will be pulling down and
processing that much data within a few seconds, not even in developed
countries.

But like I said, I don't see why it matters. Anyone who is watching the
wire close to you learns which transactions are yours, still, so it doesn't
stop intelligence agencies. Anyone who is running a node learns which
transactions in the requested block were yours and thus can follow the tx
chain to learn which other transactions might be yours too, no different to
today. If you connect to a single node and say "give me the transactions
sending money to key A in block N", it doesn't matter if you then don't
request block N+6 from the same peer - they know you will request it
eventually anyway, just by virtue of the fact that one of the transactions
they gave you was spent in that block.

--047d7bb7092c8e1ec0050f9bed38
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><blo=
ckquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left=
-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;paddi=
ng-left:1ex"><div text=3D"#000000" bgcolor=3D"#FFFFFF">Adam seems to be mak=
ing sense to me. Only querying a single node
    when an address in my wallet matches the block filter seems to be
    pretty efficient.</div></blockquote><div><br></div><div>No, I think it&=
#39;s less efficient (for the client).</div><div><br></div><div>Quick sums:=
 =C2=A0blocks with 1500 transactions in them are common today. But Bitcoin =
is growing. Let&#39;s imagine a system 10x larger than today. Doesn&#39;t s=
eem implausible to reach that in the next 5-10 years, so 15,000 transaction=
s. Each transaction has multiple elements we might want to match (addresses=
, keys, etc).=C2=A0</div><div><br></div><div>Let&#39;s say the average tx c=
ontains 5 unique keys/elements. That&#39;s the base case of {1 input, 2 out=
puts} without address reuse, plus fudged up a bit for multi-sends then down=
 a bit again for address reuse.<br></div><div><br></div><div>15,000*5=3D75,=
000 unique elements per block. With an FP rate of 0.1% we get:</div><div><b=
r></div><div><a href=3D"http://hur.st/bloomfilter?n=3D75000&amp;p=3D0.001">=
http://hur.st/bloomfilter?n=3D75000&amp;p=3D0.001</a><br></div><div><br></d=
iv><div>131.63KB per block extra overhead.<br></div><div><br></div><div>144=
 blocks in a day, so that&#39;s 18mb of data per day&#39;s worth of sync to=
 pull down over the network. If you don&#39;t start your wallet for a week =
that&#39;s 126 megabytes of data just=C2=A0to get started.</div><div><br></=
div><div>Affordable, yes (in the west). Fast enough to be competitive? Doub=
tful. I don&#39;t believe that even in five years mobiles will be pulling d=
own and processing that much data within a few seconds, not even in develop=
ed countries.</div><div><br></div><div>But like I said, I don&#39;t see why=
 it matters. Anyone who is watching the wire close to you learns which tran=
sactions are yours, still, so it doesn&#39;t stop intelligence agencies. An=
yone who is running a node learns which transactions in the requested block=
 were yours and thus can follow the tx chain to learn which other transacti=
ons might be yours too, no different to today. If you connect to a single n=
ode and say &quot;give me the transactions sending money to key A in block =
N&quot;, it doesn&#39;t matter if you then don&#39;t request block N+6 from=
 the same peer - they know you will request it eventually anyway, just by v=
irtue of the fact that one of the transactions they gave you was spent in t=
hat block.</div><div><br></div><div><br></div></div></div></div>

--047d7bb7092c8e1ec0050f9bed38--